Written by LukeSeptember 30, 2017January 17, 2018

Fast event log search in PowerShell with the FilterHashtable parameter

XML structure view of an event

In my last post, I showed you how to display and find specific events with the Get-WinEvent cmdlet. Whereas you can filter event messages easily with the Where-Object cmdlet, using the Data key from the FilterHashtable parameter is much faster.

Contents of this article
– Measuring the speed difference
– Raw data structure of an event
– Displaying only events for a specific account
– Displaying only events for a specific IP address and a specific port

Leave a Reply Cancel reply

Enter your comment here...

Please log in using one of these methods to post your comment:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Google+ account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

%d bloggers like this:

Luke's IT blog

Azure, Windows, Powershell, Security and more…

Fast event log search in PowerShell with the FilterHashtable parameter

Leave a Reply Cancel reply

Share this:

Like this:

Related

Leave a Reply Cancel reply